Users of the Tunefab suite of music ripping software could be waking up to an identity theft nightmare after experts claimed a database left user data publicly accessible for roughly twenty-four hours in September 2023.
You might be reading this and thinking there isn’t a story here, and you might be right: minimal exposure time, and probably minimal damage. But the cache of leaked data is presumed to be around 280GB, which is probably quite a lot of data held in plaintext or unencrypted databases.
As a result, we might have to wait a while to see just how much damage has been caused by the leak, which came via a misconfiguration on database platform MongoDB, even if it lasted just a day.
It’s the disclaimer, that’s right, the disclaimer
Per an exclusive from Cybernews, this estimation, and the discovery of the leak itself, comes from cybersecurity researcher Bob Diachenko, who warns that, as is often the case with data leaks, the data may be used to build more detailed profiles on users who’ve been unlucky enough to have data exposed briefly.
While tools such as Tunefab operate on a ‘backup your music for personal use, wink emoji’ basis, and must, somehow, narrowly get away with this on some legal technicality like Roadrunner versus Wile E. Coyote, they’re almost certainly in a legal grey area.
This is, not least, because DVDfab – the company behind not just this software suite, but others designed to rip content from physical media and video streaming services – charge for them.
So, we cannot endorse them, but, from this same perspective, we have to acknowledge that they exist, that people do use them, and the problems they can cause.
Buy your copyrighted content from multi-bazillionaire companies who don’t even need your money to function, kids. Better yet, buy your copyrighted content from independent, DRM-free sources, so you have something akin to ownership of a digital item. Music piracy sounds cool, but you know what isn’t cool? Having your personal data breached to dark forces online.
What you shouldn’t do is try and steal content from a service full stop, and if you are going to do that (don’t write in, we don’t want to hear about it, la-la-la-la), don’t do it by giving money to another service, especially one with such an abysmal track record when it comes to safeguarding your private data.